1. State storage:
- token:
A token is a way of authenticating a user's identity.
The simplest token consists of uid (the user's unique identity), time (the timestamp of the current time) and sign (a signature).
- session:
A session represents a conversation between the server and the browser. This process may be continuous or intermittent.
A session ID is stored in the cookie, which is sent with each request;
The session is generated from the request (the request object);
A session is a container that can store any object for the duration of the conversation;
A session is always created and used on the server side; the browser never obtains the session object;
A session is an HTTP storage mechanism whose purpose is to provide persistence for stateless HTTP.
- cookie:
Data stored on the user's local terminal. It is generated by the server and sent to the browser, and is sent back to the server on the next request to the same website.
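The uid + time + sign token described above can be issued and checked as follows. This is an added example, not code from the original notes; the HMAC-SHA256 signature, the `uid.time.sign` layout, the secret and the one-hour lifetime are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent to the client
MAX_AGE = 3600                       # assumption: a token is accepted for one hour


def _sign(uid: str, ts: int) -> str:
    """sign = HMAC-SHA256 over "uid.time" with the server secret."""
    return hmac.new(SECRET, f"{uid}.{ts}".encode(), hashlib.sha256).hexdigest()


def issue_token(uid: str, now: Optional[int] = None) -> str:
    ts = int(time.time()) if now is None else now
    return f"{uid}.{ts}.{_sign(uid, ts)}"


def verify_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the uid if the token is authentic and fresh, otherwise None."""
    now = int(time.time()) if now is None else now
    parts = token.rsplit(".", 2)
    if len(parts) != 3:
        return None
    uid, ts_raw, sign = parts
    if not (ts_raw.isascii() and ts_raw.isdigit()):
        return None
    ts = int(ts_raw)
    # Constant-time comparison, so the check does not leak how many
    # leading characters of a forged signature were correct.
    if not hmac.compare_digest(sign.encode(), _sign(uid, ts).encode()):
        return None
    # The timestamp is covered by the signature, so it cannot be
    # refreshed by the client; reject expired or future-dated tokens.
    if not 0 <= now - ts <= MAX_AGE:
        return None
    return uid
```

Unlike a session, nothing is stored on the server here: the signature alone proves that the uid and timestamp were issued by the holder of the secret.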
2. Same-origin policy:
"Same origin" means that protocol + domain name + port are all identical. Two different domain names are not same-origin even if they point to the same IP address.
It is the core and most basic security function of the browser, and every browser that supports JavaScript now applies it. Without the same-origin policy, the browser is vulnerable to XSS, CSRF and other attacks.
3. Cross domain:
When the browser sends a request, the server receives it, processes it and responds. However, if the browser, after parsing the response, finds that the request is not same-origin (same protocol, domain name and port number in the address) and that the response does not contain the correct CORS response headers, the browser intercepts the returned result.
CORS divides requests into two categories: simple requests (no OPTIONS request is sent) and non-simple requests (for example, if the Content-Type request header is application/json, a CORS preflight request is triggered; such requests are called "non-simple requests" here).
A preflight request means that, before sending the actual request, the client first sends an OPTIONS request to the server for confirmation. If it passes, the browser sends the real request, which prevents cross-domain requests from affecting the user data on the server.
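The same-origin comparison and the simple / non-simple split described above can be modelled in a few functions. This is an added example, not part of the original notes; it is a simplified model of the browser's checks, and the function names and the `.example` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SIMPLE_METHODS = {"GET", "HEAD", "POST"}
SIMPLE_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
SIMPLE_CONTENT_TYPES = {
    "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
}


def origin(url):
    """Return the (protocol, domain name, port) triple the policy compares."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))


def same_origin(a, b):
    return origin(a) == origin(b)


def needs_preflight(method, headers):
    """True if the browser sends OPTIONS first (a "non-simple" request)."""
    if method.upper() not in SIMPLE_METHODS:
        return True
    for name, value in headers.items():
        if name.lower() not in SIMPLE_HEADERS:
            return True
        media_type = value.split(";")[0].strip().lower()
        if name.lower() == "content-type" and media_type not in SIMPLE_CONTENT_TYPES:
            return True
    return False


def response_readable(page_url, request_url, response_headers, credentials=False):
    """True if the browser hands the response to the page's script."""
    if same_origin(page_url, request_url):
        return True
    scheme, host, port = origin(page_url)
    serialized = f"{scheme}://{host}"
    if port != DEFAULT_PORTS.get(scheme):
        serialized += f":{port}"
    allowed = response_headers.get("Access-Control-Allow-Origin")
    if credentials:
        # Credentialed requests need an exact origin plus an explicit opt-in.
        if response_headers.get("Access-Control-Allow-Credentials") != "true":
            return False
        return allowed == serialized
    return allowed in ("*", serialized)
```

Note that in every blocked case the server has still received and processed the request; only the script's access to the response is withheld.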
4. Basic concepts of HTTP and HTTPS:
An HTTP request message consists of three parts: request line + request headers + request body.
header: mainly carries cookies, tokens, Content-Type, file type, and the User-Agent (browser identifier).
body: mainly carries POST form data and JSON data.
HTTP: port 80. It is the most widely used network protocol on the Internet, a request and response standard between client and server (over TCP). It is used to transmit hypertext from a WWW server to the local browser. It can make the browser more efficient and reduce network transmission.
HTTPS: port 443. In short, it is the secure version of HTTP, that is, HTTP with an SSL layer added underneath. The security of HTTPS rests on SSL, so the details of the encryption are handled by SSL. Its main functions fall into two kinds: one is to establish a secure channel that protects the data in transit; the other is to confirm the authenticity of the website. The data is encrypted with symmetric encryption, but the symmetric key is itself encrypted asymmetrically using the server's certificate.
Differences:
1. The HTTPS protocol requires applying to a CA for a certificate; free certificates are generally few, so a certain fee is required.
2. HTTP is the hypertext transfer protocol and sends information in plaintext; HTTPS is a secure transport protocol encrypted with SSL.
3. An HTTP connection is simple and stateless; the HTTPS protocol is a network protocol built from SSL + HTTP that supports encrypted transmission and identity authentication, and is more secure than HTTP.
5. Differences between TCP and UDP:
1. TCP is connection-oriented; UDP is connectionless.
2. TCP provides reliable transmission, using flow control and congestion control; UDP transmission is unreliable.
3. TCP supports only one-to-one communication; UDP supports one-to-one, one-to-many and many-to-many.
4. TCP is byte-stream oriented; UDP is message oriented.
5. The TCP header is at least 20 bytes and at most 60 bytes; the UDP header is only 8 bytes.
6. TCP suits applications that need reliable transmission, such as file transfer; UDP suits real-time applications, such as IP telephony, video conferencing and live broadcast.
6. websocket:
1. The default ports are also 80 and 443, and the handshake phase uses the HTTP protocol, so the handshake is not easily blocked.
2. It can send text or binary data.
3. There is no same-origin restriction, and the client can communicate with any server.
7. The difference between Docker and an ordinary virtual machine:
1. A virtual machine is better at isolating the whole machine.
2. Docker is usually used to isolate different applications.
8. * Kernel mode and user mode:
There are three ways to switch from user mode to kernel mode:
1. System call, for example via a library function or a shell script. A system call is in fact itself an interrupt, but a software interrupt, as distinct from a hardware interrupt.
2. Exception: if the current process is running in user mode and an exception occurs, the switch is triggered. For example: a page fault.
3. Peripheral interrupt: when a peripheral completes the user's request, it sends an interrupt signal to the CPU.
9. * IO multiplexing:
select / poll: find an agent, and keep polling the agent by asking it.
select:
1. Single-threaded; it polls to check whether any IO events have occurred, which is inefficient.
2. Copying between user space and kernel space is very resource-consuming.
3. fd_set (the number of descriptors that can be monitored): the default is 1024 on 32-bit machines and 2048 on 64-bit machines.
poll:
1. Read, write and exception detection are separated.
2. The original fd_set data structure is replaced with a linked list, and there is no limit on the number of connections.
epoll: find an agent, and the agent actively reports (event driven).
epoll: waits for read, write and exception events in a single blocking operation.
epoll has two working modes:
1. Level-triggered (LT)
2. Edge-triggered (ET)
LT mode: if a ready event is not fully handled in one go, it keeps being reported. That is, events that have not been fully processed are put back into the ready queue (the linked list in the kernel) and are reported again until they are handled.
ET mode: a ready event is reported only once. Whatever is not handled then will only be handled the next time another event becomes ready. If no further event ever becomes ready, the remaining data will be lost.
It follows that ET mode is much more efficient than LT mode. However, when using ET mode you must make sure that each time data is processed it is processed completely, without loss, so the demands on the programmer are relatively high.
Note: ET mode only supports non-blocking reads and writes, in order to ensure data integrity.
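The LT / ET difference described above can be observed directly on a pipe. This is an added example, not part of the original notes; it assumes Linux (where Python's `select.epoll` is available), and the function name, the 10-byte payload and the 4-byte read size are constructed for illustration.

```python
import os
import select

PAYLOAD = b"0123456789"  # constructed sample data: 10 bytes written in one go


def read_with_epoll(edge_triggered, drain, chunk=4):
    """Return (wakeups, data): how often epoll reported the fd, and what we read."""
    r, w = os.pipe()
    os.set_blocking(r, False)           # ET requires a non-blocking descriptor
    ep = select.epoll()
    mask = select.EPOLLIN | (select.EPOLLET if edge_triggered else 0)
    ep.register(r, mask)
    os.write(w, PAYLOAD)
    wakeups, data = 0, b""
    try:
        while ep.poll(0.05):            # empty list: nothing reported in time
            wakeups += 1
            if not drain:
                data += os.read(r, chunk)   # handle only part of the event
                continue
            while True:                 # correct ET handling: read until EAGAIN
                try:
                    piece = os.read(r, chunk)
                except BlockingIOError:
                    break
                if not piece:           # EOF: the writer closed the pipe
                    break
                data += piece
    finally:
        ep.close()
        os.close(r)
        os.close(w)
    return wakeups, data


if __name__ == "__main__":
    print("LT, partial reads:", read_with_epoll(False, drain=False))
    print("ET, partial reads:", read_with_epoll(True, drain=False))
    print("ET, drain to EAGAIN:", read_with_epoll(True, drain=True))
```

With partial reads, LT reports the descriptor until the pipe is empty, while ET reports it once and the unread bytes stay in the kernel buffer unhandled until some later write produces a new event.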
10. * Why TIME_WAIT is needed:
1. To prevent delayed data from the passively closing side from being stolen.
2. To prevent the passively closing side from not receiving the final ACK.
11. * What are the process scheduling algorithms:
- First come, first served
- Time-slice round-robin
- Shortest job first
- Multilevel feedback queue scheduling
- Priority scheduling
12. What is the relationship between virtual memory and physical memory:
1. Virtual memory makes the application think it has a continuous address space, but in fact that space is usually split into multiple physical memory fragments, with another part stored on external disk storage and swapped in when needed.
2. Virtual memory allows programs to have more available memory than the size of the system's physical memory. Virtual memory gives each process a continuous and complete memory space.
13. Memory management mechanisms of the operating system:
1. Block management: memory is divided into several fixed-size blocks, each containing only one process.
2. Page management: main memory is divided into equal-sized, fixed pages.
3. Segment management:
4. Segment-page management:
14. Symmetric encryption algorithms and asymmetric encryption algorithms:
1. Symmetric encryption: there is only one key. Encryption and decryption use the same key, and encryption and decryption are fast. Typical symmetric encryption algorithms are DES, AES, etc.
2. Asymmetric encryption: different keys are used for encryption and decryption, and the operation is slow. Typical asymmetric encryption algorithms are RSA, DSA, etc.